Raspberry Pi mit HDD (von NULL an) einrichten
1. SD-Karte beschreiben:
dd if=/home/hss/Downloads/2020-08-20-raspios-buster-armhf-lite.img of=/dev/mmcblk0 bs=1M
Anmerkung: Partition /dev/mmcblk0p1 dient als "BIOS" für den RasPi
Daher kann der RasPi nicht ohne diese booten
2. Die SD-Karte am Laptop mounten, danach:
In der ersten Partition:
SSH automatisch starten
touch /media/hss/boot/ssh
Timeout für USB-Laufwerke verlängern
echo program_usb_timeout=1 | sudo tee -a /media/hss/boot/config.txt
von USB-Laufwerk booten
echo program_usb_boot_mode=1 | sudo tee -a /media/hss/boot/config.txt
USB-Strombegrenzung aufheben
echo max_usb_current=1 | sudo tee -a /media/hss/boot/config.txt
3. Netzwerk konfigurieren:
Statische IP-Adresse:
echo "interface eth0" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
echo "static ip_address=192.168.151.100/24" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
echo "static routers=192.168.151.1" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
echo "static domain_name_servers=1.0.0.1 1.1.1.1" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf4. SD-Karte auswerfen und im RasPi booten
Nutzer "hss" anlegen und "pi" löschen
ssh -l pi 192.168.151.100
sudo -s
adduser hss
sed -i 's/:pi/:pi,hss/g' /etc/group
cp /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_hss-nopasswd
sed -i 's/pi/hss/g' /etc/sudoers.d/010_hss-nopasswd
exit
exit
ssh -l hss 192.168.151.100
sudo -s
deluser --remove-home piSystem-Upgrade
apt-get update
apt-get -y upgrade
apt-get -y dist-upgradeHostnamen ändern
sed -i 's/raspberrypi/pi3.lan.suhle.de pi3/g' /etc/hosts
hostname -b pi3.lan.suhle.de
raspi-config --> System Options --> Hostname --> pi3.lan.suhle.de
echo " " | sudo tee -a /etc/hosts
echo 192.168.150.200$'\t\t'nas.lan.suhle.de$'\t\t'nas | sudo tee -a /etc/hosts
echo 192.168.150.222$'\t\t'tv.lan.suhle.de$'\t\t'tv | sudo tee -a /etc/hosts
echo 192.168.150.252$'\t\t'fhem.lan.suhle.de$'\t\t'fhem | sudo tee -a /etc/hosts
echo 192.168.150.253$'\t\t'fhem2.lan.suhle.de$'\t\t'fhem2 | sudo tee -a /etc/hosts
echo 192.168.150.254$'\t\t'pi.lan.suhle.de$'\t\t'pi | sudo tee -a /etc/hosts
echo 192.168.150.1$'\t\t'firewall.lan.suhle.de$'\t\t'firewall | sudo tee -a /etc/hosts
echo 192.168.150.2$'\t\t'fritz2.lan.suhle.de$'\t\t'fritz2 | sudo tee -a /etc/hosts
echo 192.168.151.1$'\t\t'fritz.lan.suhle.de$'\t\t'fritz | sudo tee -a /etc/hosts
echo 192.168.151.100$'\t\t'pi3.lan.suhle.de$'\t\t'pi3 | sudo tee -a /etc/hosts
echo 192.168.151.100$'\t\t'www.lan.suhle.de$'\t\t'www | sudo tee -a /etc/hosts5. RasPi-System auf die USB-HDD bringen und nutzen
- Raspberry Pi herunterfahren
- SD-Karte entnehmen und in das Laptop stecken
- USB-HSS an das Laptop anschließen
Partition /dev/mmcblk0p1 mounten (/media/hss/boot)
cp /media/hss/boot/cmdline.txt /media/hss/boot/cmdline.txt.orig
Mit Hilfe von blkid die PARTUUID der HDD-Partition herausfinden:
/dev/sdb1: UUID="87e21227-3ae5-4767-b332-cea4fdc05a1c" TYPE="ext4" PARTUUID="8b209fef-01"
Die PARTUUID der HDD muss in die /boot/cmdline.txt UND in die /rootfs/etc/fstab
Dateien auf die USB-HDD schieben:
rsync -axv /media/hss/rootfs/* /media/hss/(sdb1)
6. SD-Karte und USB-HDD an den RasPi anschließen und booten
7. Mount Point für Daten-Partition erstellen:
mkdir /home/usb
mount /dev/sda3 /home/usb
chown root:users /home/usb
chmod 775 /home/usb/In der /etc/fstab den Eintrag dafür erstellen! Zum Beispiel:
PARTUUID=8b209fef-03 /home/usb ext4 defaults 0 0
8. Software installieren
apt-get update
apt-get install mc vim dnsutils recode
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/home/hss/scripts /home/hss/9. ssh-Keys wiederherstellen
mv /etc/ssh /etc/ssh.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/ssh /etc/
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/root/.ssh /root/
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/home/hss/.ssh /home/hss/10. Apache, MySQL, PHP installieren
apt-get install apache2 libapache2-mod-php php php-mysql mariadb-server
mv /var/www/ /var/www.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/var/www /var/
mv /etc/apache2/ /etc/apache2.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/apache2 /etc/
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/letsencrypt /etc/
# certbot/letsencrypt
apt-get install snapd
snap install core
snap refresh core
apt-get remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot --apache
certbot renew --dry-run
# phpmyadmin
apt-get install phpmyadmin
touch /usr/share/phpmyadmin/.htaccess
echo "<Files '*'>" > /usr/share/phpmyadmin/.htaccess
echo $'\t'"<RequireAny>" >> /usr/share/phpmyadmin/.htaccess
echo $'\t\t'"Require ip 192.168.151.254" >> /usr/share/phpmyadmin/.htaccess
echo $'\t\t'"Require all denied" >> /usr/share/phpmyadmin/.htaccess
echo $'\t'"</RequireAny>" >> /usr/share/phpmyadmin/.htaccess
echo "</Files>" >> /usr/share/phpmyadmin/.htaccess11. Crontab wiederherstellen
mv /etc/crontab /etc/crontab.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/crontab /etc/12. Syslog-Überschwemmung stoppen
echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or \
$msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains \
"Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of" or $msg contains \
".scope: Succeeded.") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
systemctl restart rsyslog13. Postfix installieren
apt-get install postfix libsasl2-modules bsd-mailx
# "Internet mit Smarthost"
echo relayhost = smtp.1und1.de | sudo tee -a /etc/postfix/main.cf
echo smtp_sasl_auth_enable = yes | sudo tee -a /etc/postfix/main.cf
echo smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | sudo tee -a /etc/postfix/main.cf
echo smtp_sasl_security_options = noanonymous | sudo tee -a /etc/postfix/main.cf
echo sender_canonical_maps = hash:/etc/postfix/sender_canonical | sudo tee -a /etc/postfix/main.cf
touch /etc/postfix/sasl_password
echo smtp.1und1.de hss@suhle.de:GanzGeheimesPasswort | sudo tee -a /etc/postfix/sasl_password
chmod 600 /etc/postfix/sasl_password
postmap hash:/etc/postfix/sasl_password
touch /etc/postfix/sender_canonical
echo hss hss@suhle.de | sudo tee -a /etc/postfix/sender_canonical
echo root hss@suhle.de | sudo tee -a /etc/postfix/sender_canonical
echo www-data hss@suhle.de | sudo tee -a /etc/postfix/sender_canonical
postmap /etc/postfix/sender_canonical
echo hss@suhle.de > /root/.forward
echo hss@suhle.de > /home/hss/.forward
chown hss:hss /home/hss/.forward
systemctl restart postfix.service
echo "Dies ist ein Testmail" | mail -s "Testbetreff" hss@suhle.de14. Unattended Upgrades einrichten
apt-get install unattended-upgrades
touch /etc/apt/apt.conf.d/52unattended-upgrades
echo "Unattended-Upgrade::Origins-Pattern {" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo "\"origin=Raspbian,codename=${distro_codename},label=Raspbian\";" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo "\"origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation\";" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo "};" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo "Unattended-Upgrade::Automatic-Reboot True;" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades